This repository was archived by the owner on Mar 3, 2026. It is now read-only.

feat(codeql): add custom build inputs for .NET Framework support #82

Draft
eFAILution wants to merge 2 commits into main from feat/codeql-customizations

@eFAILution

Collaborator

Description

Add custom build inputs to the CodeQL scanner workflow to support legacy .NET Framework projects that cannot use the default autobuild action.

Changes Made

  • Added new scanner/workflow
  • Modified existing scanner/workflow
  • Updated documentation
  • Fixed bug
  • Other (please specify)

Details

Workflows affected:

  • scanner-codeql.yml - Added new inputs for custom build configuration
  • reusable-security-hardening.yml - Added pass-through inputs with codeql_ prefix
  • pr-reusable-security-hardening.yml - Synced with main reusable workflow

New inputs added to scanner-codeql.yml:

| Input | Description | Default |
| --- | --- | --- |
| runner | GitHub runner to use (e.g., windows-latest for .NET Framework) | ubuntu-latest |
| custom_build_command | Custom build command to replace autobuild | '' |
| setup_msbuild | Set up MSBuild (Windows only) | false |
| setup_dotnet | Set up .NET SDK | false |
| dotnet_version | .NET SDK version | 8.0.x |
| nuget_restore | Path to solution for NuGet restore | '' |

New example added:

  • examples/dotnet-framework-codeql.yml - Shows configuration for .NET Framework projects

Breaking changes: None - all new inputs have sensible defaults maintaining backward compatibility.

Testing

  • Unit tests added/updated
  • Integration tests added/updated
  • Manual testing performed
  • Tested with different scanner combinations

- Add runner, custom_build_command, setup_msbuild, setup_dotnet, nuget_restore inputs
- Add dotnet-framework-codeql.yml example
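
A caller workflow that uses the new inputs listed in the PR description for a .NET Framework solution. This is an added example, not the PR's `examples/dotnet-framework-codeql.yml`; `OWNER/REPO`, `<ref>`, the workflow path and `MyLegacyApp.sln` are placeholders or assumptions, and any other inputs or secrets the workflow may require are not shown on this page.

```yaml
# Added example (not from the PR). Placeholders: OWNER/REPO, <ref>, MyLegacyApp.sln.
name: CodeQL (.NET Framework)

on:
  pull_request:
  push:
    branches: [main]

# Default to read-only; grant more only on the job that needs it.
permissions:
  contents: read

jobs:
  codeql:
    # Assumed path of the reusable workflow inside the repository.
    # Pin <ref> to a full commit SHA so the called workflow cannot change underneath you.
    uses: OWNER/REPO/.github/workflows/scanner-codeql.yml@<ref>
    permissions:
      contents: read
      security-events: write   # CodeQL result upload normally needs this
    with:
      # .NET Framework targets need a Windows runner; the default is ubuntu-latest.
      runner: windows-latest
      # MSBuild setup is Windows only, so it pairs with the runner above.
      setup_msbuild: true
      # Solution whose NuGet packages are restored before the build.
      nuget_restore: MyLegacyApp.sln
      # Replaces autobuild. Keep this a fixed literal in the caller: do not
      # assemble it from PR titles, branch names or other contributor-controlled
      # values, since the string is executed as a build command on the runner.
      # /t:Rebuild forces a full compile so CodeQL observes every source file.
      custom_build_command: msbuild MyLegacyApp.sln /t:Rebuild /p:Configuration=Release
```

When calling through `reusable-security-hardening.yml` instead, the PR description says the same inputs are passed through with a `codeql_` prefix.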
@github-actions

github-actions Bot commented Dec 6, 2025

Contributor

🚀 Release Preview

📦 Version Update

Current: 2.6.0 → New: 2.7.0

📋 Changelog

2.7.0 (2025-12-06)

Features

  • codeql: add custom build inputs for .NET Framework support (351bb29)

📁 Files that would be modified

- version.yaml
- CONTRIBUTING.md
- QUICK-START.md
- README.md
- examples/scanner-list-examples.yml
- examples/use-reusable-workflow.yml
- examples/dotnet-framework-codeql.yml
- QUICK-START.md
- README.md
- .github/workflows/reusable-security-hardening.yml
- .github/workflows/scanner-clamav.yml
- .github/workflows/linting.yml
- .github/workflows/reusable-security-hardening.yml

✅ Actions that would be performed

  • 📝 Update CHANGELOG.md with new entries
  • 🏷️ Create git tag 2.7.0
  • 📤 Push changes and tag to repository
  • 📦 Create GitHub release

This preview is generated by running release-it --dry-run


Last updated: 12/6/2025, 8:21:59 PM | Commit: 30d5c8a

@github-actions

github-actions Bot commented Dec 6, 2025

Contributor

🧪 Reusable Workflow Verification Results

✅ All 3 test suites passed!

| Test Suite | Result |
| --- | --- |
| ✅ Scanner Resolution Logic (8 scenarios) | Passed |
| ✅ Scanners Input Validation (4 edge cases) | Passed |
| ✅ Integration Test - Full Scan | Passed |

Test Coverage

  • Scanner Resolution Logic - 8 test scenarios validating scanner selection (always runs)
  • Input Validation - 4 edge cases (case sensitivity, whitespace, duplicates, unknowns) (always runs)
  • Full Integration Test - End-to-end test with ALL scanners (SAST, linting, secrets, malware, container, infrastructure, SBOM) + PR comment generation (runs when scanner workflows change)

Verification run for commit 30d5c8a
